
Handout Cloud Security Fundamentals On AWS


26 SEP, 2024

© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security fundamentals in AWS

Frank Phillis, Senior Security Specialist SA, AWS (he/him)
Julian Ju, Senior Edge Services Specialist SA, AWS (he/him)

Session agenda
Cloud myths and misconceptions

Build, migrate and modernize securely on AWS

AWS Shared Responsibility Model

Security capabilities

Call to action
Cloud myths and misconceptions
I have digital sovereignty requirements…
Can AWS access my data?

Am I or AWS responsible for securing my data?

Is the cloud less secure than on-premises?

I have compliance requirements… can I still use AWS?

Build, migrate and modernize securely

“There’s no compression algorithm for experience.” — Andy Jassy


• Most compliance programs of any cloud
• Move fast and stay secure
• The world’s most comprehensive cloud

Proven security to accelerate innovation

• The most secure infrastructure
• Security automation that drives speed and agility
• End-to-end security and guidance

The most secure infrastructure

Challenge
Build on a cloud that provides the security and
confidence to accelerate innovation

AWS approach
• 143 security and compliance certifications
• Secure-by-design
• Most operational experience

Security automation that drives speed and agility

Challenge
Automate security checks to continually enforce
controls and mathematically prove the highest
levels of security

AWS approach
• Provable security
• Automatically detect security events
• Security automation at scale

End-to-end security and guidance

Challenge
Implement every step of your organization’s
optimal security posture

AWS approach
• 300+ security services and features
• Thousands of security solutions on AWS Marketplace
• Open source security

AWS Shared Responsibility Model

Customers: Security ‘IN’ the cloud
Customer responsibility is determined by the AWS Cloud services they select.

AWS: Security ‘OF’ the cloud
AWS is responsible for protecting the infrastructure that runs all the services offered in the AWS Cloud.

Security capabilities

AWS security, identity, and compliance

Identity and access management
• AWS Identity and Access Management (AWS IAM)
• AWS IAM Identity Center
• AWS Organizations
• AWS Directory Service
• Amazon Cognito
• AWS Resource Access Manager
• Amazon Verified Permissions

Detection and response
• AWS Security Hub
• Amazon GuardDuty
• Amazon Security Lake
• Amazon Inspector
• Amazon Macie
• Amazon Detective
• Amazon CloudWatch
• AWS Config
• AWS CloudTrail

Network and application protection
• AWS Firewall Manager
• AWS Network Firewall
• AWS Shield
• AWS Web Application Firewall (AWS WAF)
• Amazon Virtual Private Cloud (Amazon VPC)
• AWS PrivateLink
• AWS Systems Manager
• AWS Verified Access

Data protection
• Amazon Macie
• AWS Key Management Service (AWS KMS)
• AWS CloudHSM
• AWS Certificate Manager
• AWS Private CA
• AWS Secrets Manager
• AWS Payment Cryptography
• Server-side encryption

Compliance
• AWS Artifact
• AWS Audit Manager

Identity and access management
Securely manage and govern access for your customers, workforce, and workloads

• Many applications
• Many users
• Many permissions

[Diagram: identity and access management in the AWS Cloud. Components shown: AWS Organizations, three accounts each with permissions, Amazon Cognito, AWS Identity and Access Management (AWS IAM), AWS IAM Identity Center, Amazon Verified Permissions, external users, workforce users, authenticated user, public app, workforce app 1, workforce app 2, logs.]

Detection and response
Continuously detect and respond to security risks to help protect your workloads at scale

• Lack of visibility
• Fragmented security information
• Difficult to distinguish signals from noise

[Diagram: detection and response in the AWS Cloud. Components shown: AWS Organizations, VPC, users, application, logs, AWS Security Hub, Amazon GuardDuty, Amazon Inspector, Amazon EventBridge, security team.]

Network and application protection
Enforce fine-grained security policy at every network control point

• Multiple resources
• Broad range of risks
• Lack of centralized control

[Diagram: network and application protection in the AWS Cloud. Components shown: AWS Organizations, VPC, public subnet, private subnet, security groups, application, database, Amazon Route 53, Amazon CloudFront, AWS Shield, AWS WAF, AWS Firewall Manager, users, malicious client.]

Data protection
Build with comprehensive data protection in the cloud

• Controlling and managing access to sensitive data
• Meeting the security requirement
• Ever increasing scale

[Diagram: data protection in the AWS Cloud. Components shown: Amazon CloudFront, Amazon Simple Storage Service (Amazon S3), Amazon Macie, AWS Certificate Manager (ACM), AWS Key Management Service (AWS KMS) and AWS KMS keys, virtual private cloud (VPC), Availability Zone 1, Availability Zone 2, Application Load Balancer, Auto Scaling group with instances, Amazon RDS Multi-AZ deployment.]

Compliance
Automate continuous compliance and auditing at scale

• Audit data must be collected from multiple sources
• Remediating non-compliance across multiple systems
• Manual audit data collection makes continual assessment difficult

[Diagram: compliance, management and governance in the AWS Cloud. Components shown: AWS Organizations; services and resources (Amazon VPC, Amazon CloudFront, Amazon EC2, Amazon S3, Amazon RDS, AWS Certificate Manager); AWS Trusted Advisor; AWS Config; security checklist; AWS Security Hub; AWS Firewall Manager; AWS Artifact; AWS Audit Manager.]

Call to action
• Learn more about AWS security: https://aws.amazon.com/security/
• Check the latest news on AWS What’s New: https://aws.amazon.com/about-aws/whats-new/security_identity_and_compliance/
• Hands-on learning with AWS Workshops: https://workshops.aws/
• Dive deeper with AWS Well-Architected Framework: https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/
• Participate in Activation Days for hands-on workshops and best practices from SMEs: https://awsactivationdays.splashthat.com/

Visit the Migrate. Modernize. Build. resource hub
Dive deeper into these resources:

• 6 steps to success with generative AI
• Understanding the costs of generative AI
• 5 ways a secure cloud infrastructure drives innovation
• 10 ways to optimize costs and innovate with AWS
• Containers and serverless recommendation guide
• Running Windows workloads on AWS: Your questions answered
• Top 10 reasons to choose AWS for SAP

… and more!

Visit resource hub: https://tinyurl.com/migrate-modernize-build

AWS Training and Certification
Access 600+ free digital courses with AWS Skill Builder

Focus on the cloud skills and services that are most relevant to you across
30+ AWS solutions, including digital self-paced learning plans and ramp-up
guides

• Build your future in the AWS Cloud at your own pace
• Advance your skills and knowledge with learning plans
• Validate your cloud expertise with AWS Certification

Learn your way: https://skillbuilder.aws/

Thank you for attending AWS Innovate – Migrate. Modernize. Build.

We hope you found it interesting! A kind reminder to complete the survey.


Let us know what you thought of today’s event and how we can improve the event
experience for you in the future.

twitter.com/AWSCloud

facebook.com/AmazonWebServices

youtube.com/user/AmazonWebServices

linkedin.com/company/amazon-web-services

twitch.tv/aws

Thank you!
